Package: ca-certificates Version: 20230311ubuntu0.22.04.1 Severity: normal Dear Maintainer,
I wanted to disable all the certificates provided by the ca-certificates package, and only include my own. Upon doing so, and running update-ca-certificates, I found that /etc/ssl/certs/ca-certificates.crt contained all the old certificates. To reproduce: 1. install package 2. deselect all listed entries in ca-certificates.conf sed -i '/^[^#!]/s/^/!/' /etc/ca-certificates.conf 3. run update-ca-certificates, see that /etc/ssl/certs/ca-certificates.crt is unmodified. The bug in update-ca-certificates is that the TEMPBUNDLE file is never created if the 'add' function is never called. If the TEMPBUNDLE file does not exist, then it will not be moved into place at the end. -- System Information: Debian Release: bookworm/sid APT prefers jammy-updates APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 'jammy') Architecture: amd64 (x86_64) Kernel: Linux 6.2.0-32-generic (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages ca-certificates depends on: ii debconf [debconf-2.0] 1.5.79ubuntu1 ii openssl 3.0.2-0ubuntu1.10 ca-certificates recommends no packages. ca-certificates suggests no packages. -- debconf information excluded